According to developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center."

In addition to fixes for one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues. Some of these fixes include:

A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;

A vulnerability that would allow unprivileged users to interfere with backups;

Security issues involving the OS X and Linux installers;

Vaious issues with GiST indices;

An issue related to crash recovery; and

Memory and buffer leaks, among others.

The updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012.

David Nagel is editorial director, education for 1105 Media's Public Sector Media Group and editor-in-chief of THE Journal. A 22-year publishing veteran, Nagel has led or contributed to dozens of technology, art and business publications.